Refactors style bundling so it's easy to avoid an insecure CSP

This commit is contained in:
P. Douglas Reeder
2023-04-19 00:34:18 -04:00
parent 933099a497
commit b85269b1aa
3 changed files with 13 additions and 1 deletions

View File

@ -112,3 +112,12 @@ Deploy this Eleventy site in just a few clicks on these services:
- `_includes/layouts/post.njk`: the blog post template (wrapped into `base.njk`)
- `_includes/postslist.njk` is a Nunjucks include and is a reusable component used to display a list of all the posts. `content/index.njk` has an example of how to use it.
If your site enforces a Content Security Policy (as public-facing sites should), either, in `base.njk`, disable
```html
<style>{% getBundle "css" %}</style>
```
and enable
```html
<link rel="stylesheet" href="{% getBundleFileUrl "css" %}">
```
or configure the server with the CSP directive `style-src: 'unsafe-inline'` (which is less secure).